Privacy Policy

This Privacy Policy explains how Bof Casino (“we,” “us,” “our”) collects, uses, stores, and protects your personal data when you use our website, bof-casino-online.uk, and our related services (the “Services”). Protecting your privacy and personal information is of the highest importance to us, and we process all data in compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

By using our Services, you consent to the data practices described in this policy. If you do not agree with any part of this policy, you must not use our Services.

1. Information We Collect

We collect information that is necessary to provide our Services, comply with legal obligations, and enhance your user experience. This information can be categorized as follows:

1.1. Information You Provide Directly

Account Registration Data: Your full name, date of birth, residential address, email address, and telephone number.
Verification Data: Copies of identification documents (passport, driving licence), proof of address (utility bill, bank statement), and proof of payment method, which we are legally required to collect under our UK Gambling Commission licence.
Financial Data: Payment method details (e.g., card number, e-wallet account name), transaction history, deposits, and withdrawals.
Communication Data: Records of your interactions with our Customer Support team via email, live chat, or phone.
Responsible Gambling Data: Any limits you set on your account, self-exclusion requests, and information related to your play activity used for our responsible gambling assessments.

1.2. Information Collected Automatically

Technical Data: Your IP address, browser type and version, time zone setting, operating system, and platform.
Usage Data: Information about your visit, including the full URL clickstream to, through, and from our site, pages you viewed, page response times, and download errors.
Device Data: Information about the device you use to access our Services, including unique device identifiers.

1.3. Information from Third Parties
We may receive information about you from third-party sources, such as:

Identity verification service providers to help us fulfil our anti-money laundering (AML) and Know Your Customer (KYC) obligations.
Fraud prevention agencies and risk management tools.
Publicly available sources and regulatory bodies where permitted by law.

2. How We Use Your Information

We will only use your personal data when the law allows us to. Our primary legal bases for processing are: performance of a contract with you, compliance with a legal obligation, and our legitimate interests (which we balance against your rights).

Purpose of Processing	Legal Basis
To create and manage your player account, process transactions, and provide the gaming Services.	Performance of a contract.
To verify your identity, age, and location to prevent fraud and comply with legal/regulatory duties (AML, KYC).	Legal obligation and legitimate interests.
To monitor gameplay for signs of problem gambling and apply responsible gambling tools.	Legal obligation and legitimate interests.
To send you service-related communications (e.g., account updates, password resets).	Performance of a contract.
To personalise your experience and improve our website, games, and promotions.	Legitimate interests.
To detect, prevent, and investigate fraud, security breaches, or other prohibited activities.	Legal obligation and legitimate interests.
To comply with legal and regulatory reporting requirements.	Legal obligation.

3. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties for marketing purposes. We may share your data in the following circumstances:

With Service Providers: We engage trusted third parties to perform functions on our behalf, such as payment processing, identity verification, data analysis, customer support, and IT services. These providers access only the data necessary to perform their functions under strict confidentiality agreements.
For Legal and Regulatory Reasons: We may disclose your information if required by law, regulation, or a valid legal process (e.g., a court order). This includes sharing data with the UK Gambling Commission, HMRC, or law enforcement agencies to fulfil our regulatory obligations.
For Business Transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred as part of that transaction. You will be notified via email of any change in ownership or control.
With Fraud Prevention Partners: We share data with dedicated fraud prevention agencies to protect our business and our users from criminal activity.

4. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are determined by our legal and regulatory obligations (which, under UKGC rules, are a minimum of six years after account closure) and business needs. Following this period, your data will be securely deleted or anonymised so it can no longer be associated with you.

5. Your Data Protection Rights

Under data protection law, you have rights, including:

Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): You can request deletion of your data, subject to our legal obligations to retain certain information.
Right to Restrict Processing: You can request we temporarily halt processing of your data in certain circumstances.
Right to Data Portability: You can request a machine-readable copy of your data to transfer to another service provider.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing that significantly affects you.

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before responding. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO).

6. Data Security

We implement robust technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption (SSL/TLS), firewalls, access controls, and secure data storage. While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. International Data Transfers

As part of our operations, your data may be transferred to, and processed in, countries outside the United Kingdom (e.g., where our service providers are located). We ensure any such transfer is carried out in compliance with applicable data protection laws and that appropriate safeguards (such as Standard Contractual Clauses approved by the UK government) are in place to protect your data.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users, improve site functionality, and analyze traffic. For detailed information on the cookies we use and their purposes, please see our separate Cookie Policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The “Last Updated” date at the top of this page will be revised. We will notify you of any material changes via email or a prominent notice on our website before the changes become effective. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at: [email protected].